Privacy Related Web Sites


  • 7/30/2019 Privacy Related Web Sites


    Information Privacy Resources

    www.aicpa.org Source of the AICPA's Generally Accepted Privacy Principles (GAPP) and Privacy Framework

    http://infotech.aicpa.org/NR/rdonlyres/49B27EE4-4A2A-4EAF-A2A5-83067F32CE43/0/GAPP_Business_092006.pdf

    For other privacy-related guidance, go to www.aicpa.org and click on Search Options below the search box in the left column. Then uncheck the CPA2Biz.com box under the Search Within column, enter Privacy Principles in the Keywords box, and press Search.

    AICPA Membership is NOT required to download these documents.

    www.theiia.org Source of The IIA's Global Technology Audit Guide #5 (GTAG) Managing and Auditing Privacy Risks.

    http://www.theiia.org/guidance/technology/gtag/ While you are on this page, check out the other GTAGs!

    Global Technology Audit Guide (GTAG) 5: Managing and Auditing Privacy Risks is intended to provide the chief audit executive (CAE), internal auditors, and management with insight into privacy risks that the organization should address when it collects, uses, retains, or discloses personal information. This guide provides an overview of key privacy frameworks which help to understand the basic concepts and aid in finding the right sources for more guidance regarding expectations and what works well in a variety of environments. It also covers the details on how internal auditors complete privacy assessments.

    AICPA Membership is NOT required to download this document. Hardcopy is also available from The IIA bookstore at $25 for members and $30 for non-members.


    www.iapp.com or www.privacyassociation.org

    The International Association of Privacy Professionals (IAPP) is the world's largest association of privacy professionals. Based in York, Maine, U.S.A., the organization represents over 4,000 members from businesses, governments and academia across 32 countries.

    Founded in 2000, the IAPP was established to define, promote and improve the privacy profession globally. The IAPP is committed to providing a forum for privacy professionals to share best practices, track trends, advance privacy management issues, standardize the designations for privacy professionals, and provide education and guidance on opportunities in the field of privacy.

    The IAPP administers the Certified Information Privacy Professional (CIPP) certification program.

    This organization offers a couple of free e-zines, such as The Daily Dashboard, which summarizes the day's top stories with links to the full articles. Click on the Educate link at the top of the home page, and then e-publications.

    http://www.state.nj.us/lps/ca/idtheft.htm Link to New Jersey's Theft Prevention Act of 2006, as posted by the Office of the Attorney General / Department of Law and Public Safety / Division of Consumer Affairs. The site also contains a number of other useful links pertaining to identity theft, phishing, a victims' reference guide, and other related topics.

    www.privacyrights.org The Privacy Rights Clearinghouse (PRC) is a nonprofit consumer organization with a two-part mission -- consumer information and consumer advocacy. The PRC's goals are to:

    Raise consumers' awareness of how technology affects personal privacy.

    Empower consumers to take action to control their own personal information by providing practical tips on privacy protection.

    Respond to specific privacy-related complaints from consumers, intercede on their behalf, and, when appropriate, refer them to the proper organizations for further assistance.

    Document the nature of consumers' complaints and questions about privacy in reports, testimony, and speeches and make them available to policy makers, industry representatives, consumer advocates, and the media.

    Advocate for consumers' privacy rights in local, state, and federal public policy proceedings, including legislative testimony, regulatory agency hearings, task forces, and study commissions as well as conferences and workshops.


    If you want to make your head spin, check out their Chronology of Data Breaches (2005-2008) at:

    http://www.privacyrights.org/ar/ChronDataBreaches.htm

    http://www.ftc.gov/

    www.consumer.gov/idtheft

    http://www.ftc.gov/privacy/

    The Federal Trade Commission is educating consumers and businesses about the importance of personal information privacy, including the security of personal information. Under the FTC Act, the Commission guards against unfairness and deception by enforcing companies' privacy promises about how they collect, use and secure consumers' personal information. Under the Gramm-Leach-Bliley Act, the Commission has implemented rules concerning financial privacy notices and the administrative, technical and physical safeguarding of personal information, and it aggressively enforces against pretexting. The Commission also protects consumer privacy under the Fair Credit Reporting Act and the Children's Online Privacy Protection Act. Use the topic links on the left to read more about our efforts in each of these areas, including what we've learned, and what you can do to protect the privacy of your personal information.

    http://www.ftc.gov/donotcall National Do Not Call Registry: register your home and cell phones to be taken off telemarketers' calling lists. Some calls may still be made, however, if you have a business relationship with the caller, or by charitable organizations and certain others. The National Do Not Call Registry is only for personal phone numbers. Business-to-business calls and faxes are not covered by the National Do Not Call Registry.

    Your registration will not expire. Telephone numbers placed on the National Do Not Call Registry will remain on it permanently due to the Do-Not-Call Improvement Act of 2007, which became law in February 2008. Read more about it at http://www.ftc.gov/opa/2008/04/dncfyi.shtm.

    http://www.export.gov/ and www.export.gov/safeharbor and http://www.export.gov/safeharbor/SH_Privacy_Links.asp

    Export.gov helps American companies succeed globally. Export.gov brings together resources from across the U.S. Government to assist American businesses in planning their international sales strategies and succeed in today's global marketplace. The Web site includes:

    Safe Harbor Workbook

    Compliance Checklist/Helpful Hints

    Safe Harbor Documents (including principles, FAQs, correspondence, etc.)

    Historical documents (including public comments)

    US Safe Harbor Program rules apply to business conducted with the European Union.


    www.ico.gov.uk UK Information Commissioner

    http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm

    Data Protection Directive at European Union Justice & Home Affairs

    http://www.apec.org/ Asia Pacific Economic Cooperation (APEC) privacy information. The APEC Privacy Framework is a practical policy approach to enable accountability in the flow of data while preventing impediments to trade. It provides technical assistance to those APEC economies that have not addressed privacy from a regulatory or policy perspective. The Framework will enable regional data transfers to the benefit of consumers, businesses and governments. The Framework provides clear guidance and direction to businesses in APEC Member Economies on common privacy issues and outlines the impact of these issues on the various legitimate business models. The Framework does this by outlining reasonable expectations of the modern consumer on how their privacy interests should be protected.

    www.privacylaws.com Privacy Laws & Business provides an independent privacy laws information service to many of the world's largest companies and specialist lawyers, and has clients in over 45 countries. In the United Kingdom, the company provides services to help its private and public sector clients comply with both the Data Protection Act and the Freedom of Information Act. They show management why and how a positive response to the issues underlying privacy laws provides not only a competitive advantage, and a way of building and sustaining customer trust, but also a driver of their business strategy.

    www.truste.org TRUSTe helps consumers and businesses identify trustworthy online organizations through its Web Privacy Seal, Email Privacy Seal and Trusted Download Programs. Having celebrated its 10th anniversary in 2007, TRUSTe certifies more than 2,400 Web sites, including the major internet portals and leading brands such as AOL, eBay, IBM, Intuit, Microsoft and Oracle. TRUSTe resolves thousands of individual privacy disputes every year.

    www.bna.com

    http://www.bna.com/ilaw/

    BNA's Internet Law News is a free daily e-mail summary of developments in Internet law with links to full text.


    www.sans.org SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. Sign up for their free newsletters at www.sans.org/newsletters/

    www.bsa.org

    The Business Software Alliance (www.bsa.org) is the foremost organization dedicated to promoting a safe and legal digital world. BSA is the voice of the world's commercial software industry and its hardware partners before governments and in the international marketplace. Its members represent one of the fastest growing industries in the world. BSA programs foster technology innovation through education and policy initiatives that promote copyright protection, cyber security, trade and e-commerce. BSA members include Adobe, Apple, Autodesk, Avid, Bentley Systems, Borland, CA, Cadence Design Systems, Cisco Systems, CNC Software/Mastercam, Corel, Dell, EMC, HP, IBM, Intel, McAfee, Microsoft, Monotype Imaging, PTC, Quark, Quest Software, SAP, Siemens PLM Software, SolidWorks, Sybase, Symantec, Synopsys, and The MathWorks.

    http://www.news.com/8301-10784_3-9889947-7.html

    Article on Cloud Computing, a term mentioned in Melissa Klipps presentation on Digital Data

    Management, Privacy, and Protection.

    www.dmachoice.org Web site for the Direct Marketing Association. Here you can find information about how to

    remove your name from mailing, telemarketing, and e-mail lists, among other related topics.

    www.optoutprescreen.com Web site to remove your name from pre-screened credit and insurance offers. This is also accessible through the www.dmachoice.org Web site.

    www.zoominfo.com

    www.zabasearch.com

    How much information is out there about you or someone you know? This is a type of social and business networking site, similar to www.facebook.com, www.myspace.com, www.linkedin.com, among others.


    http://www.consumer.gov/sentinel/

    This Web site is the government's central site for fraud and ID theft complaints. See how law enforcement all over the world work together to fight fraud, using Consumer Sentinel, an innovative, international law enforcement fraud-fighting program. On this Web site, you can:

    Get the facts on consumer frauds from Internet cons, prize promotions, work-at-home schemes, and telemarketing scams to identity theft.

    Report your fraud complaints so they can be shared with law enforcement officials across the U.S. and around the world.

    Learn how U.S., Canadian, and Australian law enforcers work together with private sector companies and consumer organizations to combat fraud.

    See trends and the types of complaints consumers file.

    www.annualcreditreport.com AnnualCreditReport.com is the official site to help consumers to obtain their free credit report.

    This central site allows you to request a free credit file disclosure, commonly called a credit report, once every 12 months from each of the nationwide consumer credit reporting companies: Equifax, Experian and TransUnion. As a suggestion, if you do not want to pay a monthly fee for credit monitoring services, order a report from one company now (April). In four months (August), order a copy from a second company, and four months later (December) order your report from the third company. Then just keep repeating this cycle at four month intervals.

    www.idtheftcenter.org/ Identity Theft Resource Center (ITRC) is a nonprofit, nationally respected organization dedicated exclusively to the understanding and prevention of identity theft. The ITRC provides consumer and victim support as well as public education. The ITRC also advises governmental agencies, legislators, law enforcement, and businesses about the evolving and growing problem of identity theft.

    www.fbi.gov Federal Bureau of Investigation

    http://postalinspectors.uspis.gov

    At the request of the Postmaster General, Postal Inspectors are working with the President's Identity Theft Task Force on recommended strategies for combating identity theft.

    www.Pandab.org Pandab is an online newsletter summarizing the top news articles on privacy, law and business.


    www.ponemon.org The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

    www.privacyalliance.org The Online Privacy Alliance is a diverse group of corporations and associations who have come together to introduce and promote business-wide actions that create an environment of trust and foster the protection of individuals' privacy online.

    www.isc2.org The International Information Systems Security Certification Consortium, Inc. [(ISC)²] is a not-for-profit organization. (ISC)² is charged with the responsibility for maintaining the (ISC)² CBK, a compendium of industry best practices for information security, including those for CISSPs, SSCPs, and CAPs. The CBK is a critical component for certifying the minimum acceptable competence for professionals seeking to hold various credentials. (ISC)² also provides the information security community with education seminars, examinations and related services. In addition, (ISC)² acts to safeguard certification standards, and participates in information security conferences, etc., as some of its more important activities.

    www.privacyexchange.org PrivacyExchange is an online global resource for consumer privacy and data protection. It contains a library of privacy laws, practices, publications, websites and other resources concerning consumer privacy and data protection developments worldwide.

    www.pogowasright.org Privacy news, events, conferences, and other related information of interest.
